Lightweight/portable solution for limiting file access?

Hello,

Not having done too much security-related on Windows I'm doing research for an idea I have, this seemed like a good place to start.

The goal is to be able to mount removable media containing sensitive data in untrusted environments. I've already cleared quite a few hurdles and the last part to be figured out is how to limit read/write/execute access. Let's say the drive is mapped to letter X:. What I am looking for is a lightweight/portable solution that could be configured to:
1) allow only C:\altshell.exe to read/execute files on X:
2) allow X:\*.exe to read/write/execute files on X:
3) deny all other all other processes access to X:

This would have to be portable in the sense that it needs to work on NT 5.1 and newer, preferably with no installation process and without rebooting the host for the policies to be taken into use.

SRP seems interesting but I'm not sure if it:
1) works on all >NT 5.1 versions or if there are certain limitations
2) needs a reboot/session-restart for the polices to be taken into use
3) plays well together with previously applied Global Policies/Local Policies

Really any ideas/feedback you guys can come up with is much appreciated!

 

2 Free Tools to Write Protect USB Flash Drives from Registry
USBDummyProtect Fills Up Empty Space to Protect USB Drives from Viruses

 

If you are comfortable with Classical HIPS, Malware Defender has file and folder rules and thus your goal of limiting file access. But it is not portable since it requires installation to have its kernel driver loaded along with some registry changes but it doesn't require a reboot, I think. Arran is an expert in MD, you can PM him.

 

Thanks but write protection is not really of interest as I want to:
1) limit read/execute access to certain processes
2) give certain processes write access

Mounting as read-only can be interesting in other scenarios, but I already have means to do that.

Thanks! A classical HIPS is indeed most likely to solve this issue. I fancy OSSS but it requires a reboot to initiate the protection and if I have to reboot I might as well boot GNU/Linux. I'll have a look at MD and try not to bother Arran too much.

Edit: I just checked out MD, what is the status on that software? Has is reached EOL?

 

It is now free. Check the MD topic in other anti malware for the link to the latest version.

 

I saw that it's free, but I couldn't see any signs of active development. Also, without trying to bring up a flame-war, the surrounding PatchGuard war is interesting.